George_Tz_34325
Apr 09, 2013

SSO APM Policy logout and redirect to SSO login page

Hi all,

I have an ambiguous case regarding an APM that I use to enforce an SSO policy. I have two applications, for which I've created a Client SSO Forms configuration, and I have defined the logout pages of these two apps in the APM logout URIs. In addition, I use an external login page to log in to the SSO.

Everything worked flawlessly until I tried to redirect from the logout page to a page that is defined as the login page of one of the two apps (it includes the login form of the app).

The problem that arises is that sometimes the APM detects the login form and that no APM session exists, and correctly redirects to the external login page in order to allow the user to log in, and sometimes the APM tries to re-login with the current, yet expired, session (since the logout page was requested) and starts the new APM session upon the application login post action. I cannot understand why it sometimes works and sometimes doesn't.

I've tried minimizing the logout time to 1 second, as well as using an iRule that performs an ACCESS::session remove prior to redirecting the user to the login page, but it did not solve the problem.

Has anyone managed to log out of an SSO APM policy and then redirect back to the login page? I would like to find out whether this is even possible, or whether there are any limitations.

Thank you for your time,

George